Black Duck Eggs and Other Secrets of Chinese Hacks

Roberto123 writes "Network World offers some insights into the way China infiltrates US organizations, physically and via computer, to steal information. Security expert Ira Winkler says there are far more serious threats out there than the 'laughable' uproar over China's hack of Google."

The article draws weird conclusions.

[flowerp]

My wife has no problems buying black eggs of any kind in asia stores in Germany. Oh, and black eggs can be mailed long distance, it's fermented and thereby preserved food.

And you really can't conclude from the menu of a chinese restaurant what's going or not going on behind the scenes. I call bullshit on this one. No corporate espionage ring would need to use a "safe house" or "safe restaurant" for that matter to drop off secret information or to secretly meet. It's the information age, dummies!

Re:The article draws weird conclusions.

WTF. Century eggs are to Chinese people what pickles are to Americans... they're not a rare delicacy at all. You can make them in your own home. You can buy them at the freaking Asian corner store. Anyone who fails to find a century egg in San Francisco is a real moron.

And organized crime? Give me a break. If you see sardines in a grocery, do you jump to the conclusion that it's operated by the Mafia?

I gotta agree.

[khasim]

And furthermore:

Besides continually innovating at hacking computer networks in the U.S. and globally, Chinese interests also hack companies physically by infiltrating them with people who can then be recruited as spies, Winkler said.

Huh? I can see infiltrating them with spies ... but infiltrating them with people who you will then try to recruit to be a spy?

Isn't that a bit ... stupid?

Re:I gotta agree.

[thesaurus]

And this is why we're screwed trying to stop Chinese espionage...our security consultants are frakking morons.

Re:I gotta agree.

[Jah-Wren+Ryel]

If the Chinese government is attempting this kind of extortion on a large scale, we have to assume that some of those attempts will be failures, and that some of those failures will be loud.

You are right, holding the family at home hostage is just stupid.
On the other hand - giving them special treatment, like getting the kids into a better school, moving a sick relative up the line for organ transplant, that kind of stuff is easy to do hush-hush.

And, of course, that's not the only thing they do. They also play on feelings of nationalism. Just because a guy leaves his country of birth for better opportunities doesn't mean he thinks the country is shit, in fact he may even want to go back and if he can contribute to the economic development of the country that may even make it possible for him to go back and get the kind of job that didn't exist when he left.

Re:I gotta agree.

You're a China hater. You might be right about family being important in Chinese culture, but it's not worship, by any means. You make us sound like non-humans. I have to try not to get angry at your war mentality, but instead put forth my understanding.

Family is a different concept in Chinese culture, it works like this: In Western culture, Mother may say one thing, and Grandmother may say another thing, but ultimately Mother gets her say.

In traditional Chinese culture, and I put a strong emphasis on traditional, Grandmother may say one thing, and Mother will go along with it. After all, she's older. Please bear in mind that with the new urbanization in China, this style is shifting as the fast-paced change in urban society makes it harder for older people to remain saavy their entire lives.

So, we Chinese are people too. Please be nice.

Re:Hmmm ...

[interkin3tic]

That seems to be all the evidence needed.

From TFA:

"I can't get black duck eggs in San Francisco, let alone this little piece of crap town in the middle of nowhere." Stan's conclusion was that the Chinese restaurant was a front for a Chinese espionage operation targeting the Fortune 5 business.

Sounds like this security consultant is pretty quick to assume that we need more security. I wonder why.

And it's not just that one restaurant. Check out this menu, something definitely smells fishy about it to me. No doubt it's a north korean spy base.

Why even risk the possibility?

[khasim]

Not if you know you will be able to manipulate the recruits. China has a lot of control over the lives of those peoples relatives back home.

Why even risk the possibility that one of them will NOT take the offer?

Cut out the middleman and simply send them spies to be hired. Spies who have ALREADY agreed to be spies for you.

Re:the lede

[EEPROMS]

Hate to blow you out of the water but the US government does leak private details of foreign companies collected by it's national security agencies. A good example was the US government being caught red handed leaking secret wheat price bids from Canadian companies to local US suppliers collected by the NSA. So if the US is happy to stab a trading partner like Canada in the back what do you think they are doing to none aligned entities like China!

What the duck?

[XiaoMing]

I'm not sure if the author of the article is actually a moron who can't shop and also a complete racist, or smart enough to realize his article would have no readers without putting in a culturally ignorant title, but I'd like to know where the hell he has been shopping in SF.

First of all, you can get black duck eggs damn near everywhere. I can get them in Fremont, Sunnyvale, or Cupertino, California at a variety of locations (Lions, 99Ranch, etc.), and I'm PRETTY sure you'd be able to find it in one of the biggest Chinatowns this country has to offer.
Hell I live in Madison, Wisconsin now and I'm 10 minutes (walking distance) away from a run down Chinese grocery outlet the size of a 7-11 that sells black duck eggs, and two out of the three crappy fast-food only takeout restaurants here serve porridge with black duck eggs.

To use decades old "cultural insight" that black duck eggs are a "Chinese Delicacy" without realizing that within the last two decades foods and goods Chinese people have only heard about in stories have become commonplace items not only in China, but also internationally as exports, is just pathetic.

But I guess there really was no other way to emphasize the ridiculously commonplace adage--that the human link is the weakest in security--without resorting to making ridiculous and dated cultural assumptions.

It's alright that he's not too good with cultures and people I guess. I mean, he's Russian after all, they're only good at math and physics.

Chinese espionage is not innocuous

[MasaMuneCyrus]

The author didn't state it elegantly, but he still made the point -- Chinese industrial espionage is very real, is here now, and it is state-sponsored. China views hacking not only as a fast-track to becoming an industrial superpower, but they view it as a method of becoming a military superpower, too. A good part of China's military buildup involves locating and training talented young people, as well as hiring the already established hacker-underground folk for military purposes. They figure (probably correctly) that they are nowhere near capable of competing with the US military on a technological front, but if they can shut down our command, control, communications, computers, intelligence, surveillance, and reconnaissance (C4ISR) networks (not coincidentally, this is also why they developed the satellite-killing missile), then they have essentially shut us down, especially for any military response to an attack on Taiwan.

Here are just a few examples of the many, many already known about cases of Chinese espionage.
- The infamous Cox Report (regarding the PRC stealing our most advanced nuclear weapon designs)
- The well-known Google attacks
- A Boeing engineer was sentenced to 15 years for espionage, selling rocket technology to the PRC
- The FBI caught an American with very high security clearance and a Taiwanese-American selling classified information about weapon-sales to Taiwan to the PRC.
- The British MI5 released a report detailing all kinds of Chinese espionage. For example, high-profile UK businessmen have been approached by PRC spies with lavish gifts which include USB flash drives infected with trojans to steal information, and in 2008, an aide to Gordon Brown had his Blackberry stolen after a sexy Chinese woman approached him in Beijing -- a classic, almost too classic to be true, Soviet-style tactic. Other diplomats, too, have been sexually blackmailed by the PRC to divulge information.
- Here is a research paper by Northrop Grumman regarding China's cyber-warfare abilities, 88 pages filled with the stuff. Turn to page 67 for a "Timeline of Significant Chinese Related Cyber Events 1999-Present," let alone the details of the rest of the paper which shows the large effort by the PRC to improve their cyber-warfare and espionage abilities.

Here are some more excerpts:

MI5 Report

The MI5 report described how China’s computer hacking campaign had attacked British defense, energy, communications and manufacturing companies, as well as public relations companies and international law firms. The document explicitly warned British executives dealing with China against so-called honey trap methods in which it said the Chinese tried to cultivate personal relationships, “often using lavish hospitality and flattery,” either within China or abroad.

“Chinese intelligence services have also been known to exploit vulnerabilities such as sexual relationships and illegal activities to pressurize individuals to cooperate with them,” it warned. “Hotel rooms in major Chinese cities such as Beijing and Shanghai which have been frequented by foreigners are likely to be bugged. Hotel rooms have been searched while the occupants are out of the room.”

Re:Chinese espionage is not innocuous

[jandersen]

The author didn't state it elegantly, but he still made the point -- Chinese industrial espionage is very real, is here now, and it is state-sponsored.

I don't think he - or you - has any point besides the obvious. Do you really imagine that guys like you are the only ones that know about these things? Or that China is the only country that does it?

There is no need to go looking for enemies in China or Russia - they are big nations, and they have a clear and obvious interest in not upsetting the balance in the world too much; if one of the big nations were to fail, it would hurt every nation in the world, so America, Russia, China etc are going to protect each others' interests and stability, at least against major upsets. Would China benefit from America suddenly being relegated to the bottom? Of course not - what would happen to their exports and the stability of their currency? No, China is America's friend, at least in the same sense that your business partners are your friends.

The real enemies of America (and China, Russia, ...) are the crackpots who are willing to throw away their own life to hurt you, followed closely by conspiracy theorists, that keep dreaming up sensational "threats", but somehow miss the real ones.

So, how do you know that you are not a conspiracy theorist? Simple: if you are willing to change your opinion in the light of evidence, then you are not one.

Unsubstantiated, possibly racist FUD

[FoolishOwl]

The article basically lays out this argument:

1. There's a Chinese restaurant in the midwest somewhere that, shockingly, serves Chinese food.
2. Graduate students from China have been observed speaking Chinese on the telephone, and at least sometimes, they were speaking to the Chinese consulate -- which is suspicious, since consulates provide services to a nation's citizens living abroad.
3. Therefore, there is a massive Chinese campaign of computer espionage, which is so effective that we can't actually detect anything happening.

I read the article, expecting at least some cursory information about system cracking techniques that have been detected. Instead, there's just this vapid paranoia that Chinese people may be up to something. It smacks of racism.